American critical infrastructure organizations will soon be forced to report cybersecurity incidents within 72 hours, and any ransomware payments within 24 hours, following a new bipartisan bill that has just passed the US Senate.
The Strengthening American Cybersecurity Act was introduced by Senators Rob Portman and Gary Peters, ranking member and chairman of the Senate Homeland Security and Governmental Affairs Committee.
It is based on multiple older acts, including the Cyber Incident Reporting Act, the Federal Information Security Modernization Act of 2021, and the Federal Secure Cloud Improvement and Jobs Act.
Russian attack fears
The goal of the new law, the two senators have stated, is to strengthen the American cybersecurity posture, in anticipation of Russian malware and ransomware attacks. The US has sided with Ukraine as the latter suffers the Russian invasion, sending military aid and imposing devastating sanctions on the Russian government, tycoons and oligarchs.
“As our nation continues to support Ukraine, we must ready ourselves for retaliatory cyber-attacks from the Russian government... This landmark legislation, which has now passed the Senate, is a significant step forward to ensuring the United States can fight back against cybercriminals and foreign adversaries who launch these persistent attacks," Peters said.
"Our landmark, bipartisan bill will ensure CISA is the lead government agency responsible for helping critical infrastructure operators and civilian federal agencies respond to and recover from major network breaches and mitigate operational impacts from hacks. I will continue urging my colleagues in the House to pass this urgently needed legislation to improve public and private cybersecurity as new vulnerabilities are discovered, and ensure that the federal government can safely and securely utilize cloud-based technology to save taxpayer dollars."
Elsewhere in the act, the Federal Risk and Authorization Management Program (FedRAMP) has gotten the green light to help federal agencies “quickly and securely adopt cloud-based technologies that improve government operations and efficiency."
US government organizations should now be better at coordinating and managing cyberattacks and other virus attacks against their endpoints, it was concluded. However, for the law to be enforced, it first needs to be signed by the US President, Joe Biden, and to do that, it first needs to pass the House.
Via: ZDNet